I have come across the following network scenario and got kind of stuck.
The Service Provider is connecting two remote sites of its customer with customer's head office.
Requirement of the customer is to provide them Trunk Links to all the remote sites as well as at the head office so that they can carry their own VLAN information. Basically they have only switched network.
Customer's internal setup is as follows:
VLAN: 1 - PC/Printers etc.
VLAN: 97 - MGT IP of Switches
VLAN: 99 - IP Phone [this is configured as voice VLAN]
VLAN: 100 - for Cisco Call Manager
All of the customer's switches are either Catalyst 3560 or 3750. At head office there is one switch acting as a core switch [Catalyst 3750 / 3 stacked switches] to provide all the trunk links over Fiber Optic links as well as acting as Access Gateway. Also, all these switches are in VTP TRANSPARENT mode and all the above-mentioned VLANs are manually created in each switch prior to deployment. All the switches are using VLAN 97 as their MGT access but the native VLAN is 1 as default.
It has also been confirmed that there is no physical loop in between the switches at the head office end or any of the remote sites of the customer. As for connecting with the SP network, the customer has to use two switch ports [configured as trunk] for connecting two of their remote sites.
At the SP end the switches are Catalyst 3550 and the routers used are 7206VXR-NPE-G1.
For each remote site the SP has configured a QinQ tunnel with a unique VLAN ID and carried that tunnel through MPLS L2 circuits to the remote site, where the switch ports are also configured as QinQ tunnel ports with corresponding VLAN IDs. These remote ports are then connected with the customer's LAN switches [trunk ports].
All trunk port settings of the customer switches are as follows:
switchport trunk encapsulation dot1q
switchport mode trunk
switchport trunk allowed vlan all
Configuration details for SP end Routers/Switches are as follows:
Please note that VLAN 641 and 648 have been removed from spanning-tree at the respective SP sites using:
"no spanning-tree vlan 641/no spanning-tree vlan 648"
native vlan tagging is not enabled in any switches of SP or Customer.
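The tagging described in the post above, as an added example that is not part of the original thread: it builds constructed frames for the customer VLANs, pushes the per-site outer tag, and parses the result. It assumes the tunnel ports use the standard 0x8100 TPID for the outer tag; the MAC addresses and payload are made up.

```python
import struct

TPID = 0x8100  # assumption: the SP tunnel ports push a standard 802.1Q TPID

def vlan_tag(vid):
    """4-byte 802.1Q tag: TPID followed by TCI (priority 0, VLAN ID)."""
    if not 1 <= vid <= 4094:
        raise ValueError(f"invalid VLAN ID {vid}")
    return struct.pack("!HH", TPID, vid)

def customer_trunk_egress(dst, src, payload, vlan, native_vlan=1):
    """Customer trunk port: tag every VLAN except the native one."""
    tag = b"" if vlan == native_vlan else vlan_tag(vlan)
    return dst + src + tag + payload

def tunnel_ingress(frame, sp_vlan):
    """SP tunnel port: push the per-site outer tag after the MAC addresses."""
    return frame[:12] + vlan_tag(sp_vlan) + frame[12:]

def parse_vlans(frame):
    """Return ([VLAN IDs, outermost first], inner EtherType)."""
    vids, off = [], 12
    while True:
        if len(frame) < off + 2:
            raise ValueError("truncated frame")
        (etype,) = struct.unpack_from("!H", frame, off)
        if etype != TPID:
            return vids, etype
        if len(frame) < off + 4:
            raise ValueError("truncated VLAN tag")
        (tci,) = struct.unpack_from("!H", frame, off + 2)
        vids.append(tci & 0x0FFF)
        off += 4

# Constructed sample frame fields (not captured traffic).
DST = bytes.fromhex("ffffffffffff")
SRC = bytes.fromhex("0200000000a1")
IPV4 = struct.pack("!H", 0x0800) + b"\x00" * 46

def demo():
    """Customer VLANs 1, 97, 99, 100 as seen inside SP tunnel VLAN 641."""
    seen = {}
    for vlan in (1, 97, 99, 100):
        wire = tunnel_ingress(customer_trunk_egress(DST, SRC, IPV4, vlan), 641)
        seen[vlan] = parse_vlans(wire)[0]
    return seen

if __name__ == "__main__":
    for vlan, tags in demo().items():
        print(f"customer VLAN {vlan:>3} -> tags on SP link: {tags}")
```

Because native VLAN tagging is off, customer VLAN 1 crosses the SP link with only the outer tag, while VLANs 97, 99 and 100 carry two.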
If everything works OK when only one remote site is connected to the HQ, and both sites are confirmed as working when the other is disconnected, then that points to HQ being the problem site here.
Do you have redundant links within HQ and no spanning tree running so there is a loop? High CPU usage on the devices there? Also why not use different voice and data VLANs for the different remote sites? Broadcasts from Site1 are going through the SP network to the HQ, and back out to site 2? This isn't a very efficient use of the links (if I have understood your topology correctly).
I would focus on the HQ site from what you have described. Can you verify there are no loops? Also can you follow the MAC address of a client who is performing a DHCP request for example, coming in and out of every switch between the client and HQ site when both sites are connected to see how far the request gets? If it makes it all the way to the DHCP server in the HQ site (assuming that's where it is), can you follow the reply back to the requesting client in the remote site again?
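One way to do the hop-by-hop MAC trace suggested in the reply above, as an added example that is not from the thread: it parses saved `show mac address-table` output from each switch on the path and reports the last switch that learned the client. The switch names, ports, MAC addresses and table contents are constructed; note that on the SP tunnel switches the customer MAC appears under the tunnel VLAN (641), not the customer VLAN.

```python
import re

ROW = re.compile(r"^\s*(\d+)\s+((?:[0-9a-f]{4}\.){2}[0-9a-f]{4})\s+\S+\s+(\S+)\s*$", re.I)

def normalize(mac):
    """Reduce any common MAC notation to 12 lowercase hex digits."""
    digits = re.sub(r"[^0-9a-f]", "", mac.lower())
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

def parse_table(output):
    """Map MAC -> [(vlan, port), ...] from 'show mac address-table' text."""
    table = {}
    for line in output.splitlines():
        m = ROW.match(line)
        if m:
            entry = (int(m.group(1)), m.group(3))
            table.setdefault(normalize(m.group(2)), []).append(entry)
    return table

def trace(mac, path):
    """Walk switches from client towards server; stop where the MAC is unknown."""
    hops = []
    for name, output in path:
        entries = parse_table(output).get(normalize(mac), [])
        hops.append((name, entries))
        if not entries:
            break
    return hops

def last_seen(mac, path):
    """Name of the last switch that learned the MAC, or None."""
    known = [name for name, entries in trace(mac, path) if entries]
    return known[-1] if known else None

# Constructed outputs; switch names, ports and MAC addresses are hypothetical.
HEADER = ("Vlan    Mac Address       Type        Ports\n"
          "----    -----------       --------    -----\n")
PATH = [
    ("site1-access", HEADER + "  99    0200.0000.00a1    DYNAMIC     Fa0/5\n"
                              "   1    0200.0000.00b2    DYNAMIC     Fa0/7\n"),
    ("sp-site1", HEADER + " 641    0200.0000.00a1    DYNAMIC     Fa0/1\n"),
    ("sp-hq", HEADER + " 641    0200.0000.00a1    DYNAMIC     Gi0/1\n"),
    ("hq-core", HEADER + "  99    0200.0000.00c3    DYNAMIC     Gi1/0/3\n"),
]

if __name__ == "__main__":
    for name, entries in trace("02:00:00:00:00:a1", PATH):
        print(f"{name:<13} {entries or 'NOT LEARNED'}")
```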
I haven't been able to trace DHCP requests throughout each hop in the network but will do that. And yes, the servers are at HQ. And I am sure that there is no loop in any of the customer's sites. However, STP is running at each of the customer switches, but none of the switches connected with the SP network shows any blocking information.
As for using different VLANs for voice/data, that won't be possible due to the organization's internal & international policy.
Also, my googling came up with information about MAC Based Forwarding in switches, but I couldn't find if this is a configurable parameter in Catalyst 3550/3560/3750 switches. Could you pls suggest.
Thanks for your feedback.
Message was edited by: Q S Tahmeed
Edited/Added: forgot to mention that when both the locations are active, "show cdp neighbor" at the HQ switch shows each of the switches at the remote sites.
It was later found that the issue arose due to a low quality Fibre Optic media converter at the Head Office end, which simply couldn't handle the load. After replacing it with a better pair the issue is resolved.
Wow, I was starting to worry about the design problem and starting to suspect that headend SP interface is supposed to only handle 1 pseudowire per physical interface. Good to know that the design is OK. Time for me to lab up this scenario in VIRL.